NATO Cyber Security Conference: Creating IT-Security Start-Ups

introduction about the cyber security startup landscape, what are the drivers, why businesses and governments need to act, some predictions for 2015 and beyond, investment market and Palantir mini-case-study, market growth, 3 startup tips from founders, some references and additional material

5.
Cyber Security Startups?
Cyber Security Startup!!
• Generations of Cyber Security
1993: Mosaic and the rise of the commercial Internet (FUD* 1.0)
• 2000: dot-com bubble burst (double-digit security spend as %IT)
- 2002: inflection point (FUD* 1.5)
• 2005: consumer Internet distraction & 2008: economic crash
• 2011: media focus on all things cyber (FUD* 2.0)
• 2013: Snowden and the fragility of the Internet (anti-FUD*?)
• 2015: ?
• 2020: ???
• * Acronym for fear, uncertainty and doubt. It is a marketing term that is often used to cast a shadow over a competitor's product when your own is unable to
compete. FUD is a technique used by larger companies who have a large market share. The FUD acronym was first freely defined by Gene Amdahl after he left
IBM to found his own company, Amdahl Corp, with this statement: "FUD is the fear, uncertainty, and doubt that IBM sales people instill in the minds of potential
customers who might be considering Amdahl products."

6.
No crystal ball is required to predict
that high-profile security breaches
will continue to make
the news in 2015

7.
Two Real Cyber Security Drivers
• Governments and corporations are under attack
from cyber hacks (no longer simply a nuisance)
• IT budgets are being freed up for products and
services to strengthen digital defenses (convergence
of risk)

13.
Intelligence Services:
Key Investors1
• 106 Startups Who Received Investment from
the C.I.A* Since 1999 In-Q-Tel has been
strategically investing in startup companies
that are used by the intelligence community.
• Today, these companies have amassed more
than $3.2 Billion in venture funding, and
employ more than 7,000 people.

14.
Case-Study: One Of The Most Prominent
Intelligence Financed Startups
As of 2013, Palantir was used by at least 12 groups within the US
Government including the CIA, DHS, NSA, FBI, the CDC, the
Marine Corps, the Air Force, Special Operations Command, West
Point, the Joint IED-defeat organization and Allies, the Recovery
Accountability and Transparency Board and the National Center
for Missing and Exploited Children.

15.
https://www.youtube.com/watch?v=VJFk8oGTEs4

16.
Palantir Facts
• Founded in 2004 by Peter Thiel, Joe Lonsdale, Alex Karp, Stephen Cohen,
Nathan Gettings; 1.500+ employees;
• Palantir Gotham is used by counter-terrorism analysts at offices in the
United States Intelligence Community and United States Department of
Defense, fraud investigators at the Recovery Accountability and Transparency
Board, and cyber analysts at Information Warfare Monitor. Palantir Metropolis is
used by hedge funds, banks, and financial services firms.
• CEO Alex Karp announced in 2013 that the company would not be pursuing
an IPO, as going public would make “running a company like ours very difficult.”
• As of early 2014 the company was valued at $9 billion, according to Forbes,
with the magazine further explaining that the valuation made Palantir "among
Silicon Valley’s most valuable private technology companies.

17.
Global Cyber Security Spending to
Reach $76.9 Billion in 2015: Gartner
• According to the IT research and advisory firm, global
IT security spending reached $71.1 billion in 2014
year, an increase of 7.9% compared to 2013. 2015,
spending will grow even more, reaching $76.9 billion
(+8,2%)
• By 2015, approximately 10% of the security controls
deployed by organizations will be cloud-based,
particularly when it comes to small and midsize
businesses.

18.
J.P. Morgan CEO: Cyber-Security
Spending To Double!
• J.P. Morgan Chase & Co. Chairman and Chief
Executive James Dimon said the bank would double
spending on cyber security over the next five years.

19.
3 Solid Tips From Founders
Of a Security Startup2
• To scale a startup too early or grow too quickly is not necessarily a good thing,
especially for enterprise startups. Things will go wrong, bugs will be revealed, and the
unexpected will always surprise you at the most inconvenient of times. Being slow and
steady at first allows time to optimise the advertising funnel and learn how to push
customers down the funnel effectively with a small budget. Don’t ramp up the model until
the conversion is consistently great.
• When attending business meetups and events, seek to build business relationships,
and genuinely help people to ‘pay it forward’. Many startup founders meet to sell their
idea, or to pitch. No one will be interested in buying from you or use your product if you
directly sell to them when meeting the first time.
• At the end of the day, a startup is a business, so think of revenue early and have a
solid business model, not just to build something cool or change the world. Don’t run out
of cash, because the longer the business can survive, the greater its chance of succeeding
and ultimately changing the world.

20.
Reaching Out to the Growing
Community (Examples)
https://angel.co/cyber-security

28.
Closing the Loop
• Government Cyberwarfare & CIP
– More than 80 companies work with the NSA on
cyberwarfare and surveillance (Der Spiegel)
– Claims that U.S. National Security Agency is
funding “digital Blackwater” and “cyber Raytheon”

29.
Final Remarks
• Security still a reflex reaction to an attack
• IT infrastructure security still a one-time, ad hoc effort
• Security as a broad collection of technologies
• Cyber Security never gets solved
Like an antibiotic-resistant bacteria: attackers
adapt to defenses and render them obsolete
(David Cowen, Partner at Bessemer Ventures)